<?php
	include ("common/connectDB.php");

	if(isset($_POST['ok'])) {
		$u=$p="";
	 	if($_POST['username'] == NULL) {
	  		echo "Điền username đi vợ :D<br />";
	 	} else {
	  		$u=$_POST['username'];
	 	}
	 
	 	if($_POST['password'] == NULL) {
	  		echo "Không điền password à, v dị nhể :))<br />";
	 	} else {
	  		$p=$_POST['password'];
		}
		
	 	if($u && $p) {
	  		$sql="select * from tbl_user where username='".$u."' and password='".$p."'";
	  		$query=mysql_query($sql);
	  		if(mysql_num_rows($query) == 0) {
	   			echo "Sai username hoặc password rồi nhá :(";
	  		} else {
	   			$row=mysql_fetch_array($query);
	   			session_start();
	   			$_SESSION['userid'] = $row['id'];
	   			$_SESSION['level'] = $row['level'];
	   			include_once("controller/ControllerAdmin.php");
	   			$controller = new ControllerAdmin();
	   			$controller->invokeAdmin();
			}
	 	}
	} else {
?>
	<!DOCTYPE html>
	<!--[if lt IE 7 ]> <html lang="en" class="ie6 ielt8"> <![endif]-->
	<!--[if IE 7 ]>    <html lang="en" class="ie7 ielt8"> <![endif]-->
	<!--[if IE 8 ]>    <html lang="en" class="ie8"> <![endif]-->
	<!--[if (gte IE 9)|!(IE)]><!--> <html lang="en"> <!--<![endif]-->
	<head>
	<meta charset="utf-8">
	<title>Admin Login</title>
	</head>
	<body>
		<form action='admin.php' method='post'>
		Username: <input type='text' name='username' size='25' /><br />
		Password: <input type='password' name='password' size='25' /><br />
		<input type='submit' name='ok' value='Dang Nhap' />
		</form>
	</body>
	</html> 
<?php

	}
?>